/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

#define WORD_SIZE 4

/* Minimum and maximum size of RSA signature length in bits */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))

extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN 4       /* barker code length in ESBC uboot client */
                                /* header */

/* No-error return values */
#define ESBC_VALID_HDR  0       /* header is valid */

/* Maximum number of SG entries allowed */
#define MAX_SG_ENTRIES  8

/* Different Header Struct for LS-CH3 */
#ifdef CONFIG_ESBC_HDR_LS
struct fsl_secboot_img_hdr {
        u8 barker[ESBC_BARKER_LEN];     /* barker code */
        u32 srk_tbl_off;
        struct {
                u8 num_srk;
                u8 srk_sel;
                u8 reserve;
        } len_kr;
        u8 ie_flag;

        u32 uid_flag;

        u32 psign;              /* signature offset */
        u32 sign_len;           /* length of the signature in bytes */

        u64 pimg64;             /* 64 bit pointer to ESBC Image */
        u32 img_size;           /* ESBC client image size in bytes */
        u32 ie_key_sel;

        u32 fsl_uid_0;
        u32 fsl_uid_1;
        u32 oem_uid_0;
        u32 oem_uid_1;
        u32 oem_uid_2;
        u32 oem_uid_3;
        u32 oem_uid_4;
        u32 reserved1[3];
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define UNREVOCABLE_KEY 8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0x1
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif

#else /* CONFIG_ESBC_HDR_LS */

/*
 * ESBC uboot client header structure.
 * The struct contain the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 */
struct fsl_secboot_img_hdr {
        u8 barker[ESBC_BARKER_LEN];     /* barker code */
        union {
                u32 pkey;               /* public key offset */
#ifdef CONFIG_KEY_REVOCATION
                u32 srk_tbl_off;
#endif
        };

        union {
                u32 key_len;            /* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
                struct {
                        u32 srk_table_flag:8;
                        u32 srk_sel:8;
                        u32 num_srk:16;
                } len_kr;
#endif
        };

        u32 psign;              /* signature offset */
        u32 sign_len;           /* length of the signature in bytes */
        union {
                u32 psgtable;   /* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
                u32 pimg;       /* ptr to ESBC client image */
#endif
        };
        union {
                u32 sg_entries; /* no of entries in SG table */
                u32 img_size;   /* ESBC client image size in bytes */
        };
        u32 img_start;          /* ESBC client entry point */
        u32 sg_flag;            /* Scatter gather flag */
        u32 uid_flag;
        u32 fsl_uid_0;
        u32 oem_uid_0;
        u32 reserved1[2];
        u32 fsl_uid_1;
        u32 oem_uid_1;
        union {
                u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
                u64 pimg64;     /* 64 bit pointer to ESBC Image */
#endif
        };
        u32 ie_flag;
        u32 ie_key_sel;
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define SRK_FLAG        0x01
#define UNREVOCABLE_KEY 4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0xFFFFFFFF
#endif

#endif /* CONFIG_ESBC_HDR_LS */


#if defined(CONFIG_FSL_ISBC_KEY_EXT)
struct ie_key_table {
        u32 key_len;
        u8 pkey[2 * KEY_SIZE_BYTES];
};

struct ie_key_info {
        uint32_t key_revok;
        uint32_t num_keys;
        struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
struct srk_table {
        u32 key_len;
        u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
        u32 len;                /* length of the segment in bytes */
        u32 src_addr;           /* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
        u32 len;
        u32 trgt_id;
        u32 src_addr;
        u32 dst_addr;
};
#endif

/* ESBC global structure.
 * Data to be used across verification of different images.
 * Stores follwoing Data:
 * IE Table
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
        uintptr_t ie_addr;
        struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 */
struct fsl_secboot_img_priv {
        uint32_t hdr_location;
        uintptr_t ie_addr;
        u32 key_len;
        struct fsl_secboot_img_hdr hdr;

        u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
        u8 img_key_hash[32];    /* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
        struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
        u8 img_sign[KEY_SIZE_BYTES];            /* ESBC client signature */

        u8 img_encoded_hash[KEY_SIZE_BYTES];    /* EM wrt RSA PKCSv1.5  */
                                                /* Includes hash recovered after
                                                 * signature verification
                                                 */

        u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
                                                /* Includes hash of
                                                 * ESBC client header plus
                                                 * ESBC client image
                                                 */

        struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];      /* SG table */
        uintptr_t ehdrloc;      /* ESBC Header location */
        uintptr_t *img_addr_ptr;        /* ESBC Image Location */
        uint32_t img_size;      /* ESBC Image Size */
};

int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
                                char * const argv[]);

int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
        uintptr_t *img_addr_ptr);
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
        char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
        char * const argv[]);

int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif